Cambodia: Implications of the Draft Cybercrime Law
In 2010, the Council of Ministers formed a working group to formulate a draft Cybercrime Law ('the Draft Law'). The Draft Law is currently being prepared by the Ministry of Interior ('MoI') and is yet to be made available to the public for consultation. However, on 9 April 2014, an unofficial version of the Draft Law became accessible to the public. Chris Robinson and Vansok Khem, Partners at DFDL, provide an overview of what the Draft Law currently looks like, and what outstanding issues still exist.
In 2015, the Ministry of Posts and Telecommunications stated that the Draft Law was prepared in cooperation with cybercrime experts from the European Council, and other countries including Thailand, Indonesia, the Philippines, Australia, and New Zealand. In late 2019, the MoI stated that the cybercrime legislation from many countries, including the United States and Singapore, had been studied.
At this stage, it is uncertain how much progress has been made in finalising the Draft Law, and when it may be promulgated.
The Draft Law intends to regulate Cambodia's cyberspace and security, and aims to prevent and combat all kinds of cyber-related crimes. Under the Draft Law, a National Anti-Cybercrime Committee ('NACC') will be set up as the supervisory agency for cyber-related matters. Enforcement and investigative powers will be vested in the NACC.
The NACC officials will be given the authority of judicial police to investigate cybercrime offences. Interestingly, the Secretary General of the NACC may issue an order to preserve computer data or data relating to data traffic in urgent or necessary circumstances for the purpose of gathering evidence or identifying a suspect, if there is concern about an impending or threatened cybercrime.
The Draft Law will be applicable to any individual and entity who commits cyber-related offences in Cambodia. The Draft Law will also cover cybercrimes committed outside Cambodia that affect Cambodian entities, individuals, or interests. The Draft Law also contains mutual legal assistance and extradition provisions under which Cambodian courts may delegate their authority to a foreign court, and may also seek delegated authority from a foreign court for the purpose of preliminary proceedings, such as investigations, searches and seizures, and evidence collection with respect to cybercrimes.
Under the Draft Law, service providers that possess the suspect's data, will be subject to the following mandatory compliance requirements, among others:
- preservation of such data in compliance with a prosecutor and court's order; and
- disclosure to the Secretary General of the NACC or a court of any necessary information for the identification of other service providers in order to make the relevant authorities aware of the chain of communication with respect to the suspect.
Furthermore, it is noted that a prosecutor or a court may issue a search order whenever necessary in order to investigate a computer system or computer data storage medium for the purpose of gathering evidence related to a cybercrime. Also, a prosecutor may, subject to an order of a court, seize the objects containing the suspect's computer data, traffic data, or other data relating to cybercrime for the purpose of making copies that can be used as evidence.
As for sanctions, any individual or entity in breach of the Draft Law may be fined up to KHR 30,000,000 (approx. €6,650) and/or imprisoned for up to 15 years. Additional punishments could be imposed, such as temporary or permanent revocation of civil rights, prohibition against working in a particular industry/profession for a period of time, and/or dissolution of a legal entity.
There has not been any public consultation on the Draft Law. It is unclear whether the views of the relevant stakeholders, such as telecommunication operators or data centre providers, have been sought at the time of publication.
It is hoped that, in any future draft, the scope of the NACC's authority to investigate individuals and legal entities, and the demarcation of its authority when compared with those of a prosecutor or a court, will be clarified. It is also unclear under the Draft Law whether only the author of the content found to be in violation of the Draft Law will be held liable, or whether liability will also extend to platform providers.
This article has been prepared in collaboration with Sarin & Associates, an association of Cambodian admitted Attorneys-at-Law, working in a commercial relationship with DFDL.